Description
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques to the processlogin endpoint to authenticate as administrator without valid credentials.
Published: 2026-03-26
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

School Management System CMS 1.0 is vulnerable to an SQL injection attack that targets the admin login. By inserting malicious code into the username field, an attacker can manipulate the login query and bypass authentication, gaining full administrator privileges. This allows complete control over the system’s functions and data. The weakness is a classic SQL injection (CWE‑89).

Affected Systems

The affected product is Wecodex Solutions School Management System CMS, version 1.0. No additional versions are listed in the vulnerability report.

Risk and Exploitability

The CVSS score of 7.1 indicates high potential impact. External exploitation is possible through the publicly accessible processlogin endpoint; no prior authentication is required. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not a widely exploited vulnerability yet. However, the lack of input validation means an attacker can easily craft requests that bypass authentication and execute arbitrary SQL. Given the severity and ease of exploitation, the risk of a successful attack is significant.

Generated by OpenCVE AI on March 26, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest version of the School Management System CMS provided by Wecodex Solutions if a patch is available.
  • If a patch is not available, modify the login handling code to use parameterized queries or explicit input sanitization for the username field.
  • Implement a Web Application Firewall (WAF) rule set to detect and block typical SQL injection patterns on the processlogin endpoint.
  • Continuously monitor authentication logs for unusual login attempts or repeated failed logins that may indicate exploitation attempts.



Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wecodex; Wecodex school Management System Cms
Vendors & Products | | Wecodex; Wecodex school Management System Cms

Thu, 26 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques to the processlogin endpoint to authenticate as administrator without valid credentials.
Title | | School Management System CMS 1.0 Admin Login SQL Injection
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}; cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T13:02:45.335Z

Reserved: 2026-03-26T11:32:22.689Z

Link: CVE-2018-25201

Vulnrichment

Updated: 2026-03-26T13:00:57.364Z

NVD

Status: Awaiting Analysis

Published: 2026-03-26T12:16:04.653

Modified: 2026-03-26T15:13:15.790

Link: CVE-2018-25201

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T08:36:09Z

Weaknesses